All the limitations of use for this template and shown below are caused by the current implementation of the {{padleft:}} parser function used in this template, which does not filter its third parameter containing the characters used for padding a string to the specified length (it currently counts incorrectly the characters to extract from the padding string, and incorrectly measures its effective length; in addition this parameter is limited to 500 bytes).

The following examples are demonstrating that this template is not safe with character entity references found in its string parameter :

{{ Str left | a&nbsp;c | 3 }} → a&n

This should display "a c", but the named character entity was partially truncated, leaving no length available for the final "c".

{{ Str left | a&#66;c | 3 }} → a&#

This should display "abc", but the named character entity was partially truncated, leaving no length available for the final "c".

{{ Str left | a c | 3 }} → a c

The result is correct, as expected.

{{ Str left | a&#32;c | 3 }} → a&#

This last example should be equivalent to the previous one, but it is not.

The following example shows that the presence of some wiki markup that should be transparent and ignored, does not allow this template to work as expected (the nowiki section is replaced by a unique index string in the effective runtime value of the parameter ; this unique (43-bytes long) string starts by a control character (which will be finally filtered out from the generated HTML page if it remains in the result of this template), followed by "UNIQ" and some unique sequence and terminated by "QINU" and a final control character ; it is partially visible below, because the unique string is not complete after truncation, and then cannot be eliminated from the output in the first two lines):

{{ Str left | a<nowiki/>bc | 3 }} → abc

It effectively returns 3 bytes, but the \x07 (BELL) control in the second position is stripped out when generating the HTML displayed here.

On the opposite, the HTML comments, and the "noinclude", "includeonly" and "onlyinclude" wiki markup tags are safe, because they are preprocessed in template parameters, before including it and substituing parameters:

{{ Str left | a<noinclude/>bc | 3 }} → abc

{{ Str left | a<!-- comment -->bc | 3 }} → abc

Note also that the specified length will cause the input string to be padded by repeating it, it this length is larger than the input string length: